The Evolution of Managed Security Services ISS Virtual-SOC Solution, Security the Way You Need It

Transcription

1 The Evolution of Managed Security ISS Virtual-SOC Solution, Security the Way You Need It Copyright 2006 Internet Security Systems, Inc. All rights reserved worldwide

2 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper Table of Contents WHAT IS VIRTUAL-SOC? BENEFITS OF AN ISS VIRTUAL-SOC SOLUTION THE VIRTUAL-SOC INTEGRATED SERVICES PORTFOLIO Managed Security Security Enablement ISS VIRTUAL-SOC ARCHITECTURE AND PORTAL FEATURES THE POWER OF INTEGRATED SERVICES THE EVOLUTION OF MANAGED SECURITY SERVICES Phase 1: Managed Security : Device Management Phase 2: Managed Protection : Guaranteed Protection Phase 3: Virtual-SOC: Integration and Personalization... 6 Phase 4: Protection On-Demand VIRTUAL-SOC: THE SECURITY YOU NEED, THE SOLUTION YOU CHOOSE.. 7

3 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper 1 WHAT IS VIRTUAL-SOC? Demands placed on information technology organizations have never been higher. The emergence of new cyber threats and e-nuisances continue to wreak havoc on aging security technologies and under-protected systems. New laws and regulations for business governance and data privacy/protection impose severe fines and penalties on organizations for compliance failures. All of this requires IT professionals to maintain constant vigilance and necessitates security programs that have a strong balance between proactive and reactive measures. Even with increased security budgets, IT organizations still face the challenges of staffing skilled security experts, keeping up with rapid security technology advancements and developing successful security procedures. Most importantly, they must figure out how to manage and monitor all of these security technologies in a manner that provides real-time protection against threats that never rest. Internet Security Systems (ISS) has developed the Virtual Security Operations Center (Virtual-SOC) integrated services architecture to help IT organizations such as yours address these challenges. ISS Virtual-SOC is a framework for integrating security tools, services and intelligence into a consolidated view, to manage and monitor security operations from a single point. The Virtual-SOC architecture provides a comprehensive view of your security posture combined with actionable security information to help you stay Ahead of the threat. Utilizing advanced artificial intelligence systems that aggregate security events and network logs, Virtual-SOC correlates this information against security vulnerabilities. Virtual-SOC then produces prioritized actions based on your individual organization's security posture. Using the Virtual-SOC, you are able to manage your entire security operation: managed and unmanaged devices (both ISS and third-party), security intelligence, reporting, archiving, remediation, escalation and collaboration with ISS Managed Security analysts. Virtual-SOC is accessible anytime and anywhere through the powerful, easy-to-use Virtual-SOC Portal that allows for real-time decision-making. Your organization's Virtual-SOC solution can be customized from an array of managed and monitored security services along with the suite of ISS Security Enablement. This provides you with the flexibility to outsource the management and monitoring of certain devices to ISS, while using the Virtual- SOC to monitor other security with in-house resources. Virtual-SOC further simplifies security management, monitoring and reporting by consolidating and normalizing logs and events across your organization's deployment of multi-vendor security technologies whether those technologies are managed by ISS or by you in-house. ISS Security Enablement are packaged solutions that can be easily integrated into your organization's security program to provide the tools and intelligence required to proactively secure the network and maintain regulatory compliance. Security Enablement include ISS Vulnerability Management Service, Security Event and Log Management and X-Force Threat Analysis Service. ISS is the trusted security partner to commercial organizations and governments worldwide. The ISS Virtual-SOC architecture has been developed using a decade of experience designing, managing and monitoring thousands of security solutions for its customers. Partnering with ISS to build a customized Virtual-SOC solution allows you to leverage ISS world-renowned X-Force security intelligence, global managed services capabilities and its network of expert analysis systems.

4 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper 2 within the Virtual-SOC are designed to integrate with each other as building blocks within a security program. Each service offers value when used independently of each other. Combining services, however, offers a real advantage, ensuring that all of your security needs are managed by creating a comprehensive security solution. Whether using a single service or a customized solution of multiple services integrated within the Virtual-SOC, your security organization will benefit from a more secure network infrastructure. Managed Security Managed IPS/IDS Managed MFS Managed Firewall Managed Protection NORMALIZE AGGREGATE CORRELATE ARCHIVE ESCALATE REMEDIATE Vulnerability Management X-Force Threat Analysis Security Enablement Security Event Management Secure Log Management BENEFITS OF AN ISS VIRTUAL-SOC SOLUTION A Virtual-SOC solution gives a comprehensive view of your organization's security posture and provides the security expertise and intelligence needed to secure the enterprise. This solution provides 24/7/365 protection against internal and Internet-based threats at a fraction of the cost of in-house resources. The challenge of managing a multi-vendor security environment is diminished through the Virtual-SOC solution's product- and service-neutral approach, resulting in improved operations, enhanced network performance and reduced costs. Benefits include: Save up to 55 percent 1 on information security management costs, allowing your organization to allocate funds to other objectives. With the ISS Virtual-SOC solution, you achieve these savings through reduced costs and gained efficiencies - including management and monitoring systems, data warehousing, research and reporting, bandwidth, staffing, training and more. Protect business continuity, company assets and brand reputation 24/7/365 by preventing attacks before they damage and disrupt business operations. Maintain compliance with government and industry security regulations by proactively monitoring systems. Improve system uptime and performance without a large investment in technology and resources. Use security resources more efficiently with ISS real-time and automated event analyses, correlation and prioritization; prevent misidentification of attacks, eliminate false positives and ensure accurate identification of malicious behavior before it can cause damage. Entrust security device management to ISS highly skilled professional security engineers or leverage Virtual-SOC to monitor others in-house. Leverage existing security investments from third-party vendors such as Cisco, Juniper, 3Com and McAfee as well as those from ISS. 1 For more information, visit /products_services/managed_services/

5 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper 3 Ensure guaranteed protection of the network environment with performance-based ISS Managed Protection that carry a $50,000 moneyback warranty 2. Access the Virtual-SOC 24/7/365 through a feature-rich secure Portal for customized reporting, threat analysis information and secure communications with ISS Security Operation Center analysts. The Portal is accessible from the desktop or a mobile device such as a personal digital assistant (PDA). Stay vigilant with up-to-the-minute information from the ISS X-Force, the most respected security intelligence and research organization in the industry. The X-Force gathers security intelligence from thousands of sources around the world, proactively researching and developing protection for the vulnerabilities hackers could use to launch attacks. Proactively protect your enterprise systems from vulnerabilities with ISS Virtual Patch technology, allowing you to patch unsecure systems when resources are available. Rest assured that security services are being delivered via state-of-the-art, fully certified Security Operation Centers. The sophisticated ISS SOCs are highly secure, with redundant environments strategically designed to ensure that mission-critical systems are protected from any single point of failure. THE VIRTUAL-SOC INTEGRATED SERVICES PORTFOLIO The Virtual-SOC integrated services portfolio consists of a variety of traditional ISS Managed Security and Security Enablement that seamlessly integrate into the Virtual-SOC architecture. This allows your IT organization to partner with ISS and build an effective security program. Your authorized contacts are provided with a centralized view of all services and activities via the powerful, secure Virtual-SOC Portal. Leveraging the strengths of in-house resources and the ISS Virtual-SOC, you will have the advantage of a unified security view, expert management and monitoring, knowledge of your vulnerabilities and reliable security intelligence working together to proactively keep your organization Ahead of the threat. MANAGED SECURITY SERVICES Internet Security Systems Managed & Monitored Firewall - Provides 24/7/365 comprehensive protection and expert management of your organization's firewalls and virtual private networks (VPNs), delivering customized protection at a fraction of the cost of traditional solutions. ISS provides Managed and Monitored Firewall for ISS, Check Point, Cisco and Juniper firewall technologies. Internet Security Systems Managed IDS and IPS - Provides 24/7/365 comprehensive protection for networks and servers, detecting or blocking threats and unauthorized access from internal and external sources. ISS provides Managed IDS and IPS for ISS, Cisco, Juniper, 3Com and McAfee IDS and IPS technologies. Internet Security Systems Managed Multi-Function Security (MFS) - Provides 24/7/365 comprehensive protection and expert management of your organization's all-in-one security appliances. This delivers customized protection at a fraction of the cost of traditional solutions. ISS provides Managed Multi-Function Security for ISS, Cisco and Juniper multi-function technologies. Internet Security Systems Managed Protection (MPS) - Provides networks, servers and desktops with 24/7/365 comprehensive protection and expert management, monitoring and escalation. Network services span firewall, intrusion prevention, antivirus, antispam, content security and VPN capabilities found in the ISS market-leading Proventia suite of protection solutions. ISS provides MPS for Servers across a variety of platforms and operating systems using ISS RealSecure and Proventia Server products. ISS provides MPS for Desktops using ISS RealSecure and Proventia Desktop products incorporating ISS award-winning desktop firewall, intrusion prevention, antivirus compliance, Virus Prevention System (VPS) and buffer overflow exploit prevention technologies. 2 Money-back Guarantee (for Managed Protection - Premium Level only): If Internet Security Systems fails to meet the Security Incidents Prevention Guarantee for any given calendar month, Customer's account shall be credited the charges for one full month of the affected Customer's Monthly Monitoring Fee for each instance for which this guarantee has not been met. Please see ISS Service Level Agreements (SLAs) for more details.

6 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper 4 SECURITY ENABLEMENT SERVICES Internet Security Systems Vulnerability Management Service - Provides a turnkey vulnerability management solution for small, medium and large enterprises. Vulnerability Management Service combines internal and external managed scanning services with expert workflow and case management to protect your network infrastructure from intrusions that could potentially damage your business. Internet Security Systems Security Event and Log Management - Helps your organization assemble the collective mindshare of your network applications and operating systems along with disparate security technologies into one seamless platform. This enables you to archive, analyze, correlate and trend security and network events, while managing response and remediation workflow. You can query logs across many disparate device types through a common interface, dramatically improving the speed of security investigations. Further, ISS provides archives of forensically sound data, admissible as evidence in a court of law, for up to seven years. Internet Security Systems X-Force Threat Analysis Service - Enables proactive management of daily security threats through the comprehensive evaluation of global threat conditions and detailed analysis tailored for your specific needs. X-Force Threat Analysis Service combines threat information collected from the ISS global network of security operations centers and trusted security intelligence from the ISS X-Force. This analysis provides your organization with near real-time global threat information to help you take decisive, proactive measures to protect your infrastructure from attack or misuse. In addition, Virtual-SOC Portal users are provided with X Force Daily Threat Assessments via . ISS VIRTUAL-SOC ARCHITECTURE AND PORTAL FEATURES The Virtual-SOC architecture is an extensive network of intelligent systems and processes that enables seamless integration between ISS Managed Security and Security Enablement delivered through a secure, Web-based Portal. This integration gives your IT organization the intelligence, tools and capabilities necessary to make real-time decisions when immediate action is required. Some of the most popular features of the Virtual-SOC Portal and architecture are represented in the following list: Open Vendor Architecture - Virtual-SOC accommodates a wide variety of best-of-breed IDS, IPS and firewall technologies from multi-vendor systems including products from ISS, Cisco, Check Point, Juniper, 3Com, McAfee, Sun, Microsoft and others. Consolidated Security Views - Your IT organization can monitor and control all Virtual-SOC services via a centralized command center utilizing the Virtual-SOC Portal. Subscribing to any mix of ISS Security Enablement or traditional managed services will alleviate your IT staff's struggle to monitor a mixture of multi-vendor security devices such as firewalls, IDS or IPS. Your IT organization will be able to view all security events and logs from a single location via the Virtual-SOC Portal. In addition, your IT organization can monitor security events or logs for one device, all devices or anything in between with easy-to-use filters. Powerful Query and Reporting Options - Virtual-SOC normalizes all events and logs published to the Virtual-SOC Portal. This enables your IT security organization to run queries and generate reports on any or all security devices, security events, service level agreement (SLA) activity and many other parameters via a robust query and report engine. This capability greatly reduces the time needed to conduct investigations and identify abuse trends across the enterprise. You may use one of the ISS recommended Virtual-SOC report templates or create your own. You may add a logo or other personalized branding to the reports and tailor them for your organization. All reports can be exported to commonly supported formats such as CSV, PDF, DOC and others. Automated Event/Log Analysis - Virtual-SOC services include automated analysis of security events and logs via the ISS network of intelligent systems within the Virtual-SOC architecture. These services, events and logs received by ISS will be analyzed by expert systems to uncover trends, anomalies, activity spikes and subtle under-the-wire attacks. When these systems identify an event or log trend that is indicative of abnormal activity, they will generate an alert or ticket that will be posted within the Virtual-SOC Portal. Unlimited Event/Log Archive - Many Virtual-SOC services include one year of unlimited online event/log storage accessible via the Virtual-SOC Portal, and seven years of unlimited offline archiving in the forensically sound ISS archival system. ISS maintains the integrity of all events and logs by storing the original logs in their raw native formats; copies of these original logs are used for normalization, monitoring or reporting purposes.

7 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper 5 Granular Permissions System - Access to and within the Virtual-SOC is driven by a granular permission system. This enables your IT organization to determine who can access the Portal, what users can see when they are logged in, what they have the right to change and which users are authorized to contact ISS Security Operations Centers. User permissions can be granted as read or read/write at the device level, site level, division/department level, by service type and by technology type. These granular permission capabilities allow your IT organization to leverage the Virtual-SOC Portal as a collaboration tool. Integrated Trouble Ticketing and Workflow - The Virtual-SOC Portal includes a trouble ticketing workflow system by which your IT organization can create, assign and track ticket status for collaboration within your enterprise. These trouble tickets are not accessible or viewable by ISS analysts. Authorized Virtual-SOC Portal users are able to view their own trouble tickets side by side with the trouble tickets being shared with ISS. Using this capability, your IT organization can streamline remediation and change control management efforts via your own private tickets. ISS can also provide an application program interface (API) to integrate with common trouble ticketing systems such as Remedy. ISS Virtual-SOC Portal Open vendor architecture Consolidated security views Managed Security Security Enablement Powerful query & reporting options Automated event/ log analyses Unlimited event/ log archive Granular permissions system Guaranteed availability Integrated trouble ticketing & workflow Integrated X-Force intelligence THE POWER OF INTEGRATED SERVICES Integrating services under the Virtual-SOC architecture creates added security protection. By taking advantage of the synergies achieved from integrated services, you realize added benefits. The following examples illustrate how services integration can provide added protection. When Managed Protection and Vulnerability Management are integrated, you receive Virtual Patch protection. After reviewing the results of vulnerability scans, you may use the Virtual-SOC Portal to request the application of a Virtual Patch for vulnerabilities found on systems residing behind an inline IPS managed by ISS. An ISS SOC analyst will implement an IPS rule, if applicable, to block access to that vulnerability and apply protection for the system until a vendor-supplied patch can be tested and applied. When Security Event & Log Management and Managed IDS & IPS or Managed & Monitored Firewall are used together, you are able to view all security events from firewall, IDS and IPS devices managed in-house alongside of those managed by ISS. This provides a consolidated security view as well as query and reporting capabilities across the enterprise.

8 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper 6 When Managed IDS & IPS and Managed & Monitored Firewall are used in combination, you receive correlated protection. If ISS SOC analysts identify attacks via monitored intrusion detection or intrusion prevention systems, they will request your authorization to implement firewall rule changes to block access from malicious hosts. Additionally, ISS SOC analysts often compare firewall logs with IDS data to identify if the malicious activity was allowed through the firewall's access policy. THE EVOLUTION OF MANAGED SECURITY SERVICES ISS is a pioneer in Managed Security, serving as the trusted security provider and advisor to commercial and government customers worldwide for over a decade. Since assuming management of its first firewall, ISS has stayed close to its customers to protect them when they need it most. As the security industry has matured, so have customers' needs. ISS has responded with new services and offerings that help you keep your networks, assets, users, customers and partners safe and secure. ISS has evolved into one of the largest managed security services providers, and not by coincidence. It is the result of strategic planning based on listening to customers' needs and leveraging its strong position in the security industry to anticipate trends and future security challenges. Through this strategic planning, ISS has formed and built upon a phased approach for bringing services to the marketplace that solve your challenges now and in the future. The ISS phased approach described below has brought about market-leading changes and will continue to keep you Ahead of the threat. Phase 1: Managed Security : Device Management ISS Managed Security met the challenge of staffing hard-to-find skilled security experts around-the-clock to manage and monitor security technologies such as firewalls, intrusion detection and prevention, Web filtering and antivirus. Phase 2: Managed Protection : Guaranteed Protection Highly recognized ISS Managed Protection brought about market-leading changes. Traditional managed security services typically specify penalties for reacting to events and security attacks, but only if the security devices are able to detect them. ISS did not believe this was adequate. In 2004, ISS raised the bar with the industry's first protection guarantee through its Managed Protection. ISS Managed Protection go beyond simple event monitoring and device management by offering money-back, guaranteed performance-based Service Level Agreements. These SLAs are based on ISS ability to protect your organization before attacks reach your system, not afterwards. Phase 3: Virtual-SOC: Integration and Personalization In this current phase, ISS brings you new offerings through its new Virtual-SOC architecture and Portal that enable you to better manage your in-house security programs. Through the Virtual-SOC, ISS produces new, tightly integrated service offerings that you can use to take a more proactive stance in network security. Phase 4: Protection On-Demand The fourth phase of the ISS approach will bring about sweeping new changes to the way you procure, deploy and manage your security. Protection On-Demand will provide you with the ability to secure your enterprise, customers and partners in a fast, simple, reliable and highly scalable manner. You may choose to have ISS Managed Security take over managing your security infrastructure during non-business hours every evening, or simply provide monitoring and management for your new offices until they are fully staffed. ISS Protection On-Demand will allow you to leverage the full ISS Managed Security capabilities when, where and how you need them. ISS Virtual-SOC architecture lays the foundation for bringing Protection On-Demand to reality.

9 The Evolution of Managed Security : ISS Virtual-SOC Solution, Security the Way You Need It An ISS White Paper 7 VIRTUAL-SOC: THE SECURITY YOU NEED, THE SOLUTION YOU CHOOSE ISS continues to innovate, pushing its technology and services forward to provide you with the protection you need, using the approach you prefer. You can choose any services from the ISS Managed Security, Managed Protection and Security Enablement portfolio as part of your fully integrated Virtual-SOC solution. This provides you with the ability to selectively outsource management and monitoring of security devices to ISS while using the Virtual-SOC to manage and monitor other security in-house. Using the Virtual-SOC approach, you can consolidate the security view across your diverse multi-vendor enterprises and overcome the limitations of independent security stovepipes.

10

11

12 GLOBAL HEADQUARTERS 6303 Barfield Road Atlanta, GA United States Phone: (404) REGIONAL HEADQUARTERS Australia and New Zealand Internet Security Systems Pty Ltd. Level 6, 15 Astor Terrace Spring Hill Queensland 4000 Australia Phone: +61 (0) Fax: +61 (0) Asia Pacific Internet Security Systems K. K. JR Tokyu Meguro Bldg Kami-Osaki, Shinagawa-ku Tokyo Japan Phone: +81 (3) Fax: +81 (3) Europe, Middle East and Africa Ringlaan 39 bus Strombeek-Bever Belgium Phone: +32 (2) Fax: +32 (2) isseur@iss.net Latin America 6303 Barfield Road Atlanta, GA United States Phone: (404) Fax: (509) isslatam@iss.net Copyright 2006, Internet Security Systems, Inc. All rights reserved worldwide. Internet Security Systems, ADDME, AlertCon, the AlertCon logos, SecurityFusion, SecurePartner, SiteProtector, System Scanner, Virtual Patch and X-Press Update are trademarks and service marks of Internet Security Systems, Inc. The Internet Security Systems logo, Proventia, Internet Scanner, RealSecure and X-Force are registered trademarks of Internet Security Systems, Inc. Other marks and trade names mentioned are the property of their owners as indicated. All marks are the property of their respective owners and used in an editorial context without intent of infringement. Specifications and content are subject to change without notice. Distribution: General SM-VSOCWP BARFIELD ROAD l ATLANTA, GA l l FAX